Protected Management Frames support

Protected Management Frames (PMF) protect some types of management frames, such as deauthentication, disassociation and action frames. This feature, now mandatory on Wi-Fi certified 802.11ac devices, prevents attackers from using plain (unprotected) deauthentication/disassociation frames to disrupt or tear down a connection/association. PMF is a Wi-Fi Alliance specification based on IEEE 802.11w.

Use of PMF on an SSID is configurable only in the CLI.

config wireless-controller vap
  edit <vap_name>
    set pmf {disable | enable | optional}
    set pmf-assoc-comeback-timeout <integer>
    set pmf-sa-query-retry-timeout <integer>
    set okc {disable | enable}
  next
end



pmf                           PMF status:
                                disable   PMF not used.
                                enable    PMF required.
                                optional  Enable PMF, but allow clients that do not use PMF.

pmf-assoc-comeback-timeout    PMF maximum timeout for association comeback, in seconds (1-20).

pmf-sa-query-retry-timeout    PMF SA Query retry timeout interval, in units of 100 ms. Integer value from 1 to 5 (100 to 500 ms).

okc                           Enable or disable Opportunistic Key Caching (OKC).
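
To check which SSIDs actually require PMF, the following added example (not Fortinet code) parses the `config wireless-controller vap` section of a configuration backup and reports every VAP where `pmf` is not `enable`, or where a PMF timer is outside the ranges listed above. The sample configuration is constructed, and treating a VAP with no `set pmf` line as `disable` is an assumption about how defaults appear in a backup.

```python
import re

# Constructed sample of a FortiOS config backup (not from a real device).
SAMPLE_CONFIG = """\
config wireless-controller vap
    edit "corp"
        set pmf enable
        set pmf-assoc-comeback-timeout 5
    next
    edit "guest"
        set pmf optional
    next
    edit "legacy"
        set pmf-sa-query-retry-timeout 9
    next
end
"""
# Value ranges as documented on this page.
RANGES = {"pmf-assoc-comeback-timeout": (1, 20), "pmf-sa-query-retry-timeout": (1, 5)}

def parse_vaps(text):
    """Return {vap_name: {option: value}} from the wireless-controller vap section."""
    vaps, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if depth == 0:
            depth = 1 if line == "config wireless-controller vap" else 0
        elif line.startswith("config "):
            depth += 1  # nested table inside a vap entry; its settings are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = vaps.setdefault(m.group(1), {})
        elif depth == 1 and current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return vaps

def audit_pmf(text):
    """Return (vap, finding) tuples: PMF not required, or a PMF timer out of range."""
    findings = []
    for name, opts in parse_vaps(text).items():
        mode = opts.get("pmf", "disable")  # assumption: no `set pmf` line means disable
        if mode != "enable":
            findings.append((name, f"pmf={mode}: PMF not required"))
        for key, (lo, hi) in RANGES.items():
            if key in opts and not lo <= int(opts[key]) <= hi:
                findings.append((name, f"{key}={opts[key]} outside {lo}-{hi}"))
    return findings
```

Calling `audit_pmf()` on the text of a saved backup gives one tuple per finding; an empty list means every VAP in the file sets `pmf enable` with in-range timers.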